<?php
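// Upload handler fragment for one image posted in the "filename" form field.
// It runs in the including script's scope and relies on names defined there:
// $system_time, $type, $act, $id, $prefix, $FS, $DB, Error() and picsize().
// Helper variables introduced here carry an $upl_ prefix to avoid clobbering the caller's.
$file = isset($_FILES['filename']) ? $_FILES['filename'] : null; // uploaded file record, if any

// Original file name as sent by the client (untrusted). A non-string value
// (e.g. an array produced by a "filename[]" field) is treated as "no file".
$name = (is_array($file) && isset($file['name']) && is_string($file['name'])) ? $file['name'] : '';

if($name)
{
	// The Referer header is client-controlled and may be absent.
	// NOTE(review): Error() is not visible here; confirm it validates/encodes this
	// value before using it as a redirect or link target.
	$upl_back = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;

	// Extension after the last dot, lower-cased. A name without any dot has no
	// extension (the previous strrpos()+1 arithmetic treated "xjpg" as "jpg").
	$upl_dot = strrpos($name,'.');
	$filetype = ($upl_dot === false) ? '' : strtolower(substr($name,$upl_dot+1));
	$allow_type = array('jpg','png','jpeg'); // extensions allowed for upload

	// Reject extensions outside the allow-list. Error() is expected to stop the
	// script; the explicit exit keeps the handler fail-closed if it ever returns.
	if(!in_array($filetype, $allow_type, true))
	{
		Error("不允许上传改类型文件",$upl_back);
		exit;
	}

	// Size limits enforced by PHP itself surface as upload error codes.
	if(isset($file['error']) && ($file['error'] === UPLOAD_ERR_INI_SIZE || $file['error'] === UPLOAD_ERR_FORM_SIZE))
	{
		Error("图片大小不能大于1M",$upl_back);
		exit;
	}

	// The upload must have completed cleanly and really come from an HTTP POST upload.
	if(!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK
		|| !isset($file['tmp_name']) || !is_string($file['tmp_name'])
		|| !is_uploaded_file($file['tmp_name']))
	{
		Error("参数错误",$upl_back);
		exit;
	}

	// Early size check using the size PHP measured, before anything is written
	// into the application tree.
	if(isset($file['size']) && $file['size'] > 1048576) //1M
	{
		Error("图片大小不能大于1M",$upl_back);
		exit;
	}

	// New file name: timestamp plus a random suffix. rand(0,100) gave only 101
	// values per second, so concurrent uploads could overwrite each other and the
	// stored name was guessable.
	// NOTE(review): the name is now up to 28 characters; confirm the
	// upfiles.filename column is wide enough.
	$upl_time = intval($system_time);
	if(function_exists('random_bytes'))
	{
		$upl_rand = bin2hex(random_bytes(6));
	}
	else
	{
		$upl_rand = substr(md5(uniqid(mt_rand(),true)),0,12);
	}
	$filename = $upl_time."_".$upl_rand.".".$filetype;
	$upload_path = "upfiles/"; // storage root for uploaded files

	// Stage the file in the cache folder so its content can be inspected.
	$upl_cache = "data/cache/".$filename;
	if(!move_uploaded_file($file['tmp_name'],$upl_cache))
	{
		Error("参数错误",$upl_back);
		exit;
	}

	// The extension alone proves nothing about the content: require that the
	// file parses as a JPEG or PNG image. getimagesize() only reads the header,
	// so the upload directory should additionally be configured so that the
	// web server never executes files stored in it.
	$picsize = getimagesize($upl_cache);
	if(!is_array($picsize) || !in_array($picsize[2], array(IMAGETYPE_JPEG,IMAGETYPE_PNG), true))
	{
		$FS->qgDelete($upl_cache);
		Error("不允许上传改类型文件",$upl_back);
		exit;
	}
	// Indexes 0 and 1 hold width and height in pixels.
	$width = (int)$picsize[0];
	$height = (int)$picsize[1];
	unset($picsize);
	$filesize = filesize($upl_cache);

	if($filesize>1048576) //1M
	{
		$FS->qgDelete($upl_cache);
		Error("图片大小不能大于1M",$upl_back);
		exit;
	}

	// Project-specific dimension rule for the current $type.
	$ifupsize = picsize($width,$height,$type);
	if(!$ifupsize)
	{
		$FS->qgDelete($upl_cache);
		Error("图片不符合尺寸",$upl_back);
		exit;
	}

	// Date-based target directories (upfiles//YYYYMM/DD/). The doubled slash is
	// kept so the folder value stored in the database matches existing rows.
	$folder1 = date("Ym",$upl_time);
	$folder2 = date("d",$upl_time);
	$upload_path1 = $upload_path."/".$folder1."/";
	$upload_path2 = $upload_path."/".$folder1."/".$folder2."/";

	// Create missing directories as 0755 instead of world-writable 0777, and
	// leave the permissions of directories that already exist untouched.
	// Parent directory
	if(!is_dir($upload_path1))
	{
		if(!mkdir($upload_path1,0755,true) && !is_dir($upload_path1))
		{
			$FS->qgDelete($upl_cache);
			Error("文件保存失败",$upl_back);
			exit;
		}
		chmod($upload_path1,0755); // normalise against the process umask
	}
	// Child directory
	if(!is_dir($upload_path2))
	{
		if(!mkdir($upload_path2,0755,true) && !is_dir($upload_path2))
		{
			$FS->qgDelete($upl_cache);
			Error("文件保存失败",$upl_back);
			exit;
		}
		chmod($upload_path2,0755);
	}

	// Copy the validated file to its final location; a stored image only needs
	// to be readable, never writable or executable by other users.
	if(!copy($upl_cache,$upload_path2.$filename))
	{
		$FS->qgDelete($upl_cache);
		Error("文件保存失败",$upl_back);
		exit;
	}
	chmod($upload_path2.$filename,0644);

	// Remove the staged copy
	$FS->qgDelete($upl_cache);

	// The client-supplied name goes into a string-built SQL statement, so it is
	// reduced to letters, digits, dot, underscore, space and hyphen: no quote or
	// backslash can reach the query. Names that are not valid UTF-8 fall back to
	// an ASCII-only filter.
	// NOTE(review): if the DB class offers bound parameters or an escaping
	// helper, use that instead; only qgInsert()/qgQuery() are visible here.
	$upl_tmpname = preg_replace('/[^\p{L}\p{N}._ -]/u','',$name);
	if($upl_tmpname === null)
	{
		$upl_tmpname = preg_replace('/[^A-Za-z0-9._ -]/','',$name);
	}

	$sql = "INSERT INTO ".$prefix."upfiles(filetype,tmpname,filename,folder,postdate) VALUES('".$filetype."','".$upl_tmpname."','".$filename."','".$upload_path2."','".$upl_time."')";
	$insert_id = $DB->qgInsert($sql);

	if($act == "modifyok")
	{
		// Both ids are forced to integers before being placed in the statement.
		// NOTE(review): assumes msg.id is an integer key; confirm against the schema.
		$sql = "UPDATE ".$prefix."msg set thumb='".intval($insert_id)."' WHERE id='".intval($id)."'";
		$DB->qgQuery($sql);
	}
}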
?>